Description
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In Special:CheckUser, a check of the "get edits" type is vulnerable to HTML injection through the User-Agent HTTP request header.
Remediation
References
Related Vulnerabilities
OpenSSL Incomplete Cleanup Vulnerability (CVE-2022-1473)
WordPress Plugin Social Media Share Buttons & Social Sharing Icons Security Bypass (1.5.1)
WordPress Plugin Tatsu Arbitrary File Upload (3.3.11)
WordPress Plugin WP ULike Multiple Vulnerabilities (3.1)
WordPress Plugin Read and Understood Multiple Vulnerabilities (2.1)